Keeping your secrets secret

July 18, 2008 — jao

As much as i try to avoid it, i always end up with lots of usernames and passwords to remember, not to mention a couple of bank accounts and a credit card number for on-line shopping. There’s no way i’m going to remember any of them—why, i even need to keep track of my telephone number. Time to write down a tidy nice little list, that is, time to look for and set up an adequate emacs mode or two.

When it comes to keeping lists, the table editor of org-mode is what you need. Org-mode is included in emacs 22, but Carsten &co. keep adding new stuff and fixing bugs, so it won’t hurt you to get the unstable version from its website. It comes with a nice manual and installing it is a breeze. You enter table mode by typing a vertical bar (|) to separate columns:

* Bank accounts
|Account | Credit card | Expiry date | Password |
|-

From there TAB and RET are your friends: new rows are created and column widths adjusted automagically. You can also add separators by starting a line with |- (as i did above) and typing TAB. In no time you’ll have something like this:

All in conveniently foldable sections, so that you can expand only the interesting section.

But, of course, you don’t want to save this as a regular file (let alone publish it on the internet). Even on a Unix machine, protecting it via file permissions is very weak. Nah, what you want is to encrypt the thing. To that end, one can use public key cryptography.

In a nutshell, you generate a pair of keys: one of them is private, only for your eyes, and therefore should be protected by a solid password; the other one is public: you make it available to anyone that wants to communicate with you. People then write their secret text and encrypt it using the public key. When that’s done, only your secret key (barring the NSA) can decipher the text. Of course, nothing prevents you from using the same device to encrypt and decrypt your passwords file.

This being an emacs blog, i won’t delve into the details of using GnuPG to create a key pair if you don’t already have it. But you being an emacs user, i’m sure you’ll be quite able to run gpg --gen-key to generate your keys.

You could now use gpg to manually cipher and decipher the passwords file, but, you know, one uses emacs because it can do almost anything for you. In this case, EasyPG will take care of the chore of decrypting the file every time you open it and encrypting it back when it goes to disk. The EasyPG package comes bundled with emacs 23, and, again, it is very easy to install if you are using previous emacs versions. This is the configuration i use for this package:

As you can see, we’re also telling EasyPG what key it should use for its cryptographic activities.
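An EasyPG setup matching this description, given here as an added example rather than the author's own configuration. The key ID "YOUR-KEY-ID" is a placeholder to be replaced with an ID or e-mail address shown by M-x epa-list-keys.

```elisp
;; Added example: EasyPG setup for a GPG-encrypted org file.
;; "YOUR-KEY-ID" is a placeholder, not a real key.
(require 'epa-file)

;; Install the file-name handler: files ending in .gpg are decrypted
;; when visited and encrypted again when saved.
(epa-file-enable)

;; Recipient key(s) used for public-key encryption on save.
;; Encrypting to your own key means only your private key can read it.
(setq epa-file-encrypt-to '("YOUR-KEY-ID"))

;; nil: skip the key selection dialog when `epa-file-encrypt-to' is set.
(setq epa-file-select-keys nil)

;; Keep auto-save off for encrypted buffers (this is the default), so no
;; plaintext #auto-save# copy is written next to the encrypted file.
(setq epa-file-inhibit-auto-save t)

;; Per-file alternative: name the recipient on the first line of the
;; org file itself instead of setting it globally:
;;   # -*- mode: org; epa-file-encrypt-to: ("YOUR-KEY-ID") -*-
```

Saving the table under a name such as passwords.org.gpg (a constructed file name) is enough: emacs ignores the .gpg suffix when choosing the major mode, so the buffer still opens in org-mode.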

That’s it. No rocket science here, but very handy nonetheless, and a very nice example of how different major (org) and minor (org-table, epa) emacs modes can work together for you. A perfect use case of minor modes providing functionality orthogonal to that in the major mode, which is caring about the actual file contents. Personally, this is also the use case that got me started with org-mode: may it enlighten you too 🙂

Happy encrypting!

(BTW, now that you have EasyPG installed, try M-x epa-list-keys, a nice keyring browser, if you ask me.)

Update
Now, parts of outlines can be conveniently encrypted. No need to have a separate file for your passwords, just put them where they belong in your org universe. See: org-crypt.el by John Wiegley in the contrib directory and http://doc.norang.ca/org-mode.html#HandlingEncryption.

Recently I’ve seen the GNU emacs installation on my Macbook stop asking for the passphrase when I open a GPG encrypted file. It still asks on save but it seems to automatically decrypt the file when opened.

Just tested and it doesn’t happen in Aquamacs. Aquamacs still asks for the passphrase.

[…] text documents, as I do, you can make this basically transparent by using epa (EasyPG) as described here and here. If you use public key encryption and don’t encrypt the key on your computer, the […]

[…] or deal with third party software, you can keep them in an encrypted Org file as explained in this Minor Emacs Wizardry post. This is what I do and it works out fine except that it isn’t integrated into my Web […]